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DETAILED ACTION 

This action is responsive to the pre-brief appeal decision filed October 14, 2009. 
Claims 1-27 are pending. 

Response to Amendment 
Claim Rejections - 35 USC § 102 

1 . The following is a quotation of the appropriate paragraphs of 35 U.S.C. 1 02 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

2. Claims 1,2, 4-22, and 27 are rejected under 35 U.S.C. 102(e) as being 
anticipated by Bornstein et al., U.S. Patent Application Publication No. 2002/0163882. 

Regarding claim 1 , Bornstein teaches an overlay network for maintaining traffic 
flow between a client and a server during a denial of service attack, comprising: a set of 
overlay nodes, coupled between the client and the server, wherein each overlay node 
comprises: a ranking module configured to rank the overlay nodes based on a 
performance metric, wherein an overlay node with a higher-ranking indicates that the 
overlay node has better performance for transferring traffic to the server than overlay 
nodes with lower-rankings (paragraph 38, lines 1-17, Bornstein discloses ranking a 
route's performance, which is based on its nodes, by using ping data); and 
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a probing module configured to probe a portion of the overlay nodes with higher- 
rankings more frequently than overlay nodes with lower-rankings during probing 
intervals (paragraph 38, lines 17-28, paragraph 43, Bornstein discloses pinging the top 
performing routes more frequently). 

Regarding claim 2, Bornstein teaches the overlay network as recited in claim 1, 
wherein each overlay node further comprises a path selection module, configured to 
dynamically select an overlay node with a highest-rankings to be included as part of a 
pathway for transferring traffic to the server (paragraph 43, lines 1-4). 

Regarding claim 4, Bornstein teaches the overlay network as recited in claim 1, 
further comprising one or more target nodes, configured to transfer the traffic from one 
or more of the overlay nodes directly to the server, the one or more target nodes having 
exclusive knowledge of an identity for the server (paragraphs 38, 43). 

Regarding claim 5, Bornstein teaches the overlay network as recited in claim 1, 
wherein each overlay node is virtually connected to each other (paragraphs 38, 43). 

Regarding claim 6, Bornstein teaches the overlay network as recited in claim 1, 
wherein the performance metric includes at least one of: available bandwidth, latency, 
loss rate, and jitter; and wherein an overlay node with a higher-ranking indicates that the 
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overlay node has better performance for transferring traffic to the server than overlay 
nodes with lower-rankings, the better performance including at least one of: more 
available bandwidth, less jitter, lower latency, and less packet loss (paragraphs 38, 43). 

Regarding claim 7, Bornstein teaches the overlay network as recited in claim 1, 
wherein the ranking module is further configured to determine whether the portion of 
overlay nodes with higher-rankings continue to have better performance for transferring 
traffic to the server than one or more of the overlay nodes with lower-rankings after a 
probing interval (paragraphs 38, 43). 

Regarding claim 8, Bornstein teaches the overlay network as recited in claim 1, 
wherein the ranking module is configured to demote the rankings of the portion of 
overlay nodes with higher-rankings to lower-rankings if the portion of overlay nodes with 
higher-rankings have worse performance for transferring traffic to the server than one or 
more of the overlay nodes with lower-rankings after a probing interval (paragraphs 38, 
43). 

Regarding claim 9, Bornstein teaches the overlay network as recited in claim 1, 
wherein the traffic is data (paragraphs 38, 43). 
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Regarding claim 17, Bornstein teaches the method as recited in claim 10, further 
comprising determining whether the portion of overlay nodes with higher-rankings 
continue to have better performance for transferring traffic to a target than one or more 
of the overlay nodes with lower-rankings after a probing interval; and promoting the 
rankings of one or more of the overlay nodes with lower-rankings to higher-rankings, if 
the portion of overlay nodes with higher-rankings have worse performance for 
transferring traffic to a target than one or more of the overlay nodes with lower-rankings 
(paragraphs 38, 43). 

Claims 1 0-16, 1 8-22, and 27 do not teach or define any new limitations above 
claims 1, 2, 4-9, and 17 and therefore are rejected for similar reasons. 

3. Claims 3 and 23-26 are rejected under 35 U.S.C. 1 03(a) as being unpatentable 
over Bornstein further in view of Corrigan et al., U.S. Patent Publication No. 
2004/0148357. 

As to claim 3, Bornstein teaches the method of claim 1 . 

Bornstein does not explicitly teach an access node, configured to authenticate 
traffic directed to the server from the client, and forward authenticated traffic to one or 
more of the overlay nodes. 

However, Corrigan teaches a messaging gateway for use by mobile networks 
(see abstract). Corrigan teaches the use of validation nodes (paragraph 51). 
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It would have been obvious to one of ordinary skill in the art at the time of the 
invention to modify Bornstein in view of Corrigan to use an access node, configured to 
authenticate traffic directed to the server from the client, and forward authenticated 
traffic to one or more of the overlay nodes. One would be motivated to do so because it 
guarantees confidentiality and integrity of all traffic. 

Regarding claim 23, Bornstein teaches an overlay network to mitigate a denial of 
service attack, comprising: target nodes configured to transfer the traffic previously 
authenticated by the access nodes to the server; and overlay nodes, coupled between 
the access nodes and the target nodes, configured to route the traffic from the access 
nodes to the target nodes by selecting a best end-to-end path between the client and 
the server based in accordance with at least one performance metric (col. 1 , line 57 - 
col. 2, line 14, col. 4, lines 10-29, col. 13-15). 

Bornstein does not explicitly teach access nodes configured to authenticate 
traffic directed to the server from the client. 

However, Corrigan teaches the use of validation nodes (paragraph 51). 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to modify Bornstein in view of Corrigan to use access nodes configured to 
authenticate traffic directed to the server from the client. One would be motivated to do 
so because it guarantees confidentiality and integrity of all traffic. 
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Regarding claim 24, Bornstein teaches the overlay network as recited in claim 
23, wherein each overlay node is configured to dynamically select, a best target node 
for accessing the server and a best path to reach that target node (paragraphs 38, 43). 

Regarding claim 25, Bornstein teach the overlay network as recited in claim 24, 
wherein the best path is selected via a best next hop measured in terms of the at least 
one performance metric (paragraphs 38, 43). 

Regarding claim 26, Bornstein teach the overlay network as recited in claim 23, 
wherein each overlay node comprises: a ranking module configured to rank the overlay 
nodes based on the performance metric, wherein an overlay node with a higher-ranking 
indicates that the overlay node has better performance for transferring traffic to one of 
the target nodes than overlay nodes with lower-rankings; and a probing module 
configured to probe a portion of the overlay nodes with higher-rankings more frequently 
than overlay nodes with lower-rankings during probing intervals (paragraphs 38, 43). 

Response to Arguments 

4. Applicant's arguments with respect to claims 1-27 have been considered but are 
moot in view of the new ground(s) of rejection. 
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Conclusion 

5. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

U.S. Pat. No. 5,539,659 to McKee et al., because it discloses ranking of nodes. 
U.S. Pat. No. 5,802,503 to Sansone, because it discloses nodes that are ranked 
and weighted. 

U.S. Pat. Publication No. 2002/0002686 to Vange et al., because it discloses a 
method and system for overcoming denial of service attacks. 

U.S. Pat. No. 7,185,077 to OToole et al., because it discloses performance 
metrics of a network and an overlay network of nodes. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to AVI GOLD whose telephone number is (571)272-4002. 
The examiner can normally be reached on M-F 8:30 a.m. to 5 p.m. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ario Etienne can be reached on 571-272-4001 . The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
/A. G./ 

Examiner, Art Unit 2457 
/ARIO ETIENNE/ 

Supervisory Patent Examiner, Art Unit 2457 



